General

  • Target

    System Runtime Monitor.exe

  • Size

    103.9MB

  • Sample

    231104-23g95sgb2y

  • MD5

    ebebaeb3acc311730c0f2a6e9e62e382

  • SHA1

    3542db1383f212e664e9b573099b3949d36cc972

  • SHA256

    12bd3eec2e65ff91a7764ed548e1bc7cbf0c04b944290bc662e1947438431035

  • SHA512

    fd3b33d176b9a1dfff5b11e3f107b372023a6917e85e1d04096e895d70d799aca763275c0b380368e9b3c29ba5a3fcb96e376e9a64ae6b7fd0b57ffa0e4472a4

  • SSDEEP

    1572864:c1a8RlqxGxOg44dc37L9z9VuR5voAUmamUyqtE:cWGxTs75AvoAlam3

Score
7/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
